Microsoft's SP2: Not Everyone's Cheering, But That's Not Bad

Network News Break: Windows XP SP2 is here, and at least one segment of the Windows aftermarket is having a hard time working up much enthusiasm for it. Also: Exchange hole plugged, Cisco says sales are on the rebound, homegrown spam, and a good reason to look twice at your keyboard.

WEBINAR:On-Demand

Several months ago we argued in favor of Microsoft releasing its long-awaited Windows XP Service Pack 2 (SP2) to everyone, not just paying Windows customers:

Give it away. Bundle it up in AOL-like CD tins and mail everybody a copy. Put a few in the Sunday Times for good measure. Rent some extra bandwidth, buy a few spam lists, and make it the world's largest, most obnoxious attachment. But get it out there.

Our rationale was straightforward: Microsoft insecurities have a way of making everyone suffer in the form of spam relays, zombie DDoS nodes, and more.

Well, SP2 is here now, and reports are beginning to trickle in that, as expected, the update is a mixed bag of welcome new functionality and severe brekage, depending on the user.

There's also some curious logic coming out of the security software vendors, who complain that Windows' firewall service can be turned off in the event a machine is compromised by a malicious user.
Right. Burglars also sometimes leave through the back door after coming in through a window, but that's not an argument against locking the back door when you go to bed for the night.

Microsoft might have put a dent in security software sales by making its flagship product more secure out of the box, and we can understand why the software companies are looking for something to say to keep users from relaxing enough to stim sales in a lucrative after-market. In the best of all possible worlds, though, we're inclined to note that an operating system with less fear-based incentives to buy security shrinkwrap is a better one. Microsoft doesn't owe the firewall and antivirus vendors a living, and it does owe its users a more secure computing experience. Especially if it's going to continue to dominate the market the way it does.

No one wants to deal with a DDoS attack, but that's no excuse to slack off when it comes to preparing for one. Here are four things you should consider when it comes time to harden your network against attack.